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(54) Packet switched system 

(57) End-to-end encryption of traffic in packet networks presents difficulties due to the discontinuous 
nature of the data. In the present method these difficulties are overcome by sending an initialisation 
variable (IV) during the initial call setting and controlling the clocking information such that at each end the 
clock for the encryption or decryption is started at the beginning of the information field and stopped at 
the end thereof. Thus when the next packet is sent, both cryptos are correctly set. 

This avoids the need to send such information with each packet, as called for in some known systems 
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Fig. 7. 
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Fig. 2. 
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SPECIFICATION 

Packet switched system 

5 This invention relates to data transmission 
systems ,n which data is conveyed in packet- 
switched manner. In such systems the packe s 
which together form a message may well 
10 olnL'": be sent from a calling^erminaU^ a 
nodes '"^^ °' exchanges or 

Security is essemial in some cases of com- 
mun.cat.on of information through networkt 

15 sTt^onr'^'°•■ ^^'^ "'^^'"^ «° LTJ^r^^^n- 
InT ■ "la" etc. Security involves 

such aspects as authentication of access to 
.nformat.on, authentication of data sent bv sia 

rTte in?;!"'' °' '^^ff- from de,«,|:^' 

20 th ^ '"terference or intervention while in transit 
20 through the network which may be public o" 

The arrangement to be described herein re- 
lates to the end-to-end encryption of traffic in 
25 packet networks in which the priCr art has 
l.mrtat.ons in application and effectiveness 
Informauon is transmitted in packet net- 
works by arranging the data in a framed for- 

30 t'^' ""^'^ """^ '^^ntrol and eTror de- 

30 ^ct,on .nformation is in the frame. Frames 
may be concatenated to form a contig^us 
tTrl "kely, sent in groups 

each frame be.ng separated by a variable 
35 '"♦--<=tive operation the infor- 

35 rnat.on content of packets may be sftiaTl and 
the separation may be relatively long To op 

tr?nsm£="^'"'°^' P^cketJ for ot^er 

transmiss.ons are .nterposed in the intervening 

encryption must ensure that onlv 
the informat.on content of the packet is en 
crypted s.nce the control information in the 
frame .s needed at intermediate nodes in the 
network. To decrypt the informat.on certa.n 
45 encrypfon parameters must be transmuted to 
he rece.v,ng end to load the decryptSn de- 
v.ces and data-related synchronism rTst be 
ma,nta.ned although the data is sepa^^ed by 
50 cZ:r t-nsmitter and re-' 

^hZ'^L^"" ^""'^^^ "^'""^ 3" Initialisation Vari- 
at thjy " ""''^ ^"'^'^ Packet and is used 
Tnn V'^"'^'' ^° decryption device 

55 tNs *f ,"'r'^'" synchronisation"^ However 

Ob this has limitations including- 

(a) The standard frame format e q X25 re 
quires modification to accommodat^tJe adit- 

(b) The IV which may be 64 hit«= tr. • 

60 Significant increase to t'he^amin^ -ivXad'' 

(c) When contiguous packets are sent the 
mcreased overhead may involve an inc?ease In 
ceed tr'^"" transmission rate which may ex 
ceed the constra.nts of the system 

bi> A vanation exists in which the IV is sent 
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with an initial packet and with succeedinq 

An object of the invention is to provide an 
75 l^r^TtTaTL:" ^"^^ --"^^^^^^^^^ 

According to the invention there is provided 
a data transm.ss.on system of the packet 
switched type, in which each melsaae to 
transmitted consists of one or r^ore^data 
80 packets each having a header, an .^formation 
^eld which may be encrypted and a tJJ' n 
which an .n.t.alisation variable is transr^ ted 
from the one end of the connection ^tK 
other end thereof only during the init al call 
85 sett,ng s.gnalling and is used^o set thi en- 
cryption and decryption operations to the 
end of r^-K^r'^'^*^ '^"^ ««"ding end the 
rom^ ^ ^^^"^^^ and controls the 

90 SSrTno th'/'^r' encryption opera^^n 

f";'"9./.'^e information field and the start of 

erati'o^' and'ln"1? 1° ^"^^ encryption op- 

^^th-tadr-.-^^^^^^^^^^ 

™t,c of pan of a lerminal embodvinq ,Kf " 
105 The orasem meilmd enables ,he packelised 

no=J-S!t.-^^-tTa,~-^ 

dification to normal operation 

11R ^, ♦k"'®^®"* based on the pre- 

115 rnise that packet traffic is asynchronous (al- 

ised?Vi"V'^"'='^°"°"^ beaVer may be 
used) and that packets can be of variable 
ength and variably spaced. During the e^tab- 
lishment of a connection-virtual or rea? 
120 agreement is reached on the need to apply 
encryptK,n, the necessary key parameters be 
ing exchanged. The initialisation varTabte ?s 

reset bmh'e" "''""^"^^ ''^ "^^^ to 

125 tTtho encryption and decryption devices 
l-JS to the same initial condition 

A bit rate clock is generated such that bit 
synchron.sm is assured at each end, and that 
the commencement of the encrypted data 
content of the packet causes thr/rypto de- 
130 v,ces to be advanced from their initial condi- 
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tion. At the end of the encrypted data, the 
clocks are interrupted, thus stopping both 
crypto devices at the same position. The suc- 
cessive packets cause the cryptos to restart 
5 and stop respectively at the beginning and 
end of each encrypted sequence of data. Thus 
since the cryptos always restart fronn the 
same position in which they were stopped, 
synchronism between the encryption and de- 

10 cryption devices is generally maintained. 

If an external agency disturbs this synchron- 
ism, the loss is detected by normal error de- 
tection methods used in the system, and an 
error message is returned to the sending end 

15 to request a new initialisation variable, and re- 
peat of the data. 

A variation of the present method involves 
the use of so called 'fast select' procedures in 
which the whole of the information is in a 

20 single packet together with the required ad- 
dress and control information. In this case, the 
type of packet is identified by a facility' code 
and the encryption and initialisation parameters 
are within fields preceding the information 

25 field. Thus the decryption device is aware of 
the special type of packet and having been 
appropriately set starts the algorithm process 
at the beginning of the information field. 
The present system is described as applied 

30 to a system of the internationally standardised 
X25 type, which allows for multiple logical 
channels to be associated with a single physi- 
cal link. This complicates the operation of the 
encryption unit in that between packets it 

35 needs to store the logical channel number in 
association with the appropriate state of the 
initialisation variable. Therefore, as each logical 
channel is transmitted over the physical link it 
is compared with those in store and the re- 

40 quired IV transferred into the working IV 
memory. 

Fig. 1 shows as much of an X25 based 
encryption/decryption unit as is relevant to the 
present method, the remainder of such a ter- 

45 minal following conventional practice. Informa- 
tion arriving at the unit possibly for encryption 
enters at an HDLC (high level data link control) 
unit, which among other functions extracts 
any control information for the link control LC 

50 and network control NC blocks. The informa- 
tion passes from the HDLC block to a buffer B 
for temporary storage. From here it passes, 
under clock control, to a crypto unit CU from 
which the packets, with their information fields 

55 encrypted if needed, pass to another HDLC 
unit for transmission. 

Associated with the crypto unit CU, there 
are a key unit K from which the crypto key is 
obtained, both when the unit CU is encrypting 

60 and also when it is decrypting. Also we have 
the initialisation variable (IV) generation unit 
IVU; when a call is set up under control of 
the microprocessor MP, the call setting infor- 
mation which is initially sent includes encryp- 

65 tion keys and an initialisation variable. This 



notifies the called end as to whether or not 
the message to be sent is encrypted, this be- 
ing determined from part of the message as it 
arrives via the first HDLC block. 

70 The clock is so set, under microprocessor 
control, that when the first packet is sent, the 
crypto unit CU is enabled at the commence- 
ment of its information field, and is stopped 
at the end of that field. 

75 At the called end, which is similar to what 
is shown, the initialisation variable is passed 
via the link control LC thereat to the micropro- 
cessor and clock thereat, so that the micro- 
processor sets the called end s crypto for the 

80 desired encryption. In addition, when the first 
packet arrives, the clock is enabled so as to 
start the crypto unit at the commencement of 
the information field and to stop at the end 
thereof. The initial call setting operations will, 

85 of course, in accordance with normal practice, 
have resulted in the clocks at the two ends 
having been brought into synchronism. 

Thus when the information field of the first 
packet ends, we have both crypto units 

90 clocks stopped at the same point. When the 
next packet is sent, both clocks are started at 
the start of the information field, and they 
both start from the same point in time. Thus 
encryption and decryption take place, with the 

95 clocks, and thus the crypto devices starting 
from the same point. When the information 
field ends, both clocks again stop. Hence the 
system only needs one initialisation variable 
per multipacket message. * 
100 To express the system in a slightly different 
manner, we have the following summary, 
which should be studied in conjunction with 
the flow diagram. Fig. 2. note in Fig. 2 that 
the two blocks marked with asterisks are not 

105 required in a single channel system. 

(a) What is Required 

A packet communication system using pack- 
ets with defined headers and tails, which sys- 
110 tern has encryption and decryption at each 
end, and has clock control at each end, 

(b) How the System Operates 

(1) Set up end-to-end connection. 
115 (2) Transfer IV (keys may also be transferred). 

(3) Encryptor and decryptor static and may be 
headed with IV. 

(4) Send packet. 

120 AT EACH END: 

(5) Detect end of header, 

(6) Start clock and encryptor/decryptor at 
commencement of information field. 

(7) Detect start of tail. 

125 (8) Stop clock and encryptor/decryptor at end 
of information field. 

THEN 

(9) Encryptor/decryptor static and loaded with 
130 some variables. 
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(10) Repeat (5) to (8) for next packet 

Thus the above method permits encryption 
to be applied to the communication of data 
through a packet network without the need to 
significantly alter the traffic flow. It has the 
following advantages: 

(a) Encryption key and initialisation para- 
meters can be incorporated into call set-uo 
procedures. ^ 

(b) Encryption parameters are not required 
to be sent with each packet when a call con- 
sists of many packets. 

(c) The encrypted packet may be 
transmitted at the same rate and for the same 
packet" ^°^':esponding unencrypted 

2 MDLct fTrn'T'"^"^ '° '"'^"^ ^'^'^^'"S Level 
LvS P , ^ amendments to 

20 Sated P^°^«d"^es are easily accommo- 

J^l is particularly applicable to 

packetised voice communication where real 
St short"'^ °* *'^P°^t^"'=e and packets are 

(f) The method can be applied to data al- 
ready formatted into standard packets e.g. 

(g) The method is compatible with the re- 
quirements of fast select- operation. 
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30 

CLAIMS 

1. A data transmission system of the 
packet switched type, in which each message 
-i^ transmitted consists of one or more 

35 data packets each having a header, an infor- 
rnation field which may be encrypted, and a 
tail, in which an Initialisation variable is 
transmitted from the one end of the connec- 
tion to the other end thereof only during the 
40 initial call setting signalling and is used ?o set 
he encryption and decryption operations to 
the same state, in which at the sending end 

Iht com^ ^^^^"^^ Controls 

the commencement of the encryption oper- 

of^L ."T^ information field and the start 
of the tail IS detected to stop the encryption 
operation and in which at the receiving end 
he end of the header is detected and controls 
50 ^t, ^°'""^«"'=ement of the decryption oper 

stnn r'^H^^ °^ detected to 

stop the decryption operation, so that be- 
tween packets the encryption and decryption 
operations are stopped in exactly similar 

Sl3t©S . 

55 2. A system according to claim 1, in which 

conrrnlllH^K^" """^ decryption operations are 
controlled by starting and stopping their ap- 
propriate clocks. P 
an u ,^ system according to claim 1 or 2 in 
60 which call setting signalling, initialisation Vari- 
able and encrypted information are all con- 
tained within a single packet. 

4. A system according to claim 1, 2 or 3 
in which packets belonging to different virtual 
65 connections are multiplexed, in which at The 



end of a packet in the static state the crypo- 
graphic variables are transferred to a memory 
and during the header of the next packet the 
relevant cryptographic variables are loaded 
70 from memory. aucu 

5. A data transmission system of the 
packet switched type, in which each message 
to be transmitted consists of one or more 
data packets each having at least a header an 
75 mformation field and a tail, in which when a 
message to be conveyed is to be encrypted 

callino PnH ""A:"''""'^ transmitted from the 
Xrlnf M «^°n"ection to the called end 

thereof dunng the initial call setting signalling 
in which at the sending end the encryption 
operations start at the beginning of the infor- 
mation field and end at the terr^ination of the 
information field, in which at the called end 
the receipt of the Initialisation variable sets the 
decryption means to its initial state appropri- 
ate to the decryption of the packets to be 

natro^o; ih ""^f*" ""'"9 the termi- 

nation of the information field of a packet 
leaves the clocking means at the calling end in 
a state appropriate to the commencement of 
encryption of the Information field of the next 
packet, and In which at the called end the 
termination of the information field of a packet 
being received and decrypted leaves the 

s art nftII!f^T appropriate to the 

start of the information field of the next 
packet, whereby the initialisation variable is 
only sent once for a multlpacket message 
1O0 et"s " '^^^'^'^ ^'""^ message pack- 
6. A data transmission system of the 
packet-switched type substantially as de- 
d?rw?ngs"'' '° accompanying 



80 



85 



90 



95 



Printed in ihe Uniied Kingdom for 

Her Majesty's Siaiionery Office, Dd 8818935 iqflR Aiit: 

o non. WL^A 1 AY. from which copies may be obtained. 



OOCID: <aB_2ie8S73A.JL> 



